Re: Opportunistic STARTTLS in smtpmail.el
From: Ted Zlatanov
Subject: Re: Opportunistic STARTTLS in smtpmail.el
Date: Mon, 02 May 2011 13:52:20 -0500
User-agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.50 (gnu/linux)
On Mon, 02 May 2011 00:19:18 +0200 Lars Magne Ingebrigtsen <address@hidden>
wrote:
LMI> Lars Magne Ingebrigtsen <address@hidden> writes:
>> Hm... perhaps I should convert smtpmail.el to use opportunistic
>> STARTTLS while I'm at it.
LMI> Oh, now I remember why I didn't do the smtpmail.el `open-network-stream'
LMI> conversion the last time.
LMI> smtpmail.el provides an option to pass TLS credentials to the server via
LMI> switches like
LMI> "--x509keyfile" "--x509certfile"
LMI> to gnutls-cli. `open-network-stream' has no concept of these things,
LMI> and I'm not sure gnutls.c has, either. Ted?
Yes, definitely, with the :keyfiles and :trustfiles parameters to
`gnutls-boot'. But I haven't tested that much (the functionality is on
the GnuTLS side in any case). So you'd need some dynamically-scoped
global variables like `gnutls-keyfiles' and `gnutls-trustfiles' to hold
these, so they can be overridden as needed.
LMI> If gnutls.c has, I can extend `open-network-stream' to take keywords for
LMI> the keyfile and the certfile, if that is the way we want to go. Or
LMI> perhaps add a global variable like `smtpmail-starttls-credentials',
LMI> ;;(setq smtpmail-starttls-credentials
LMI> ;; '(("YOUR SMTP HOST" 25 "~/.my_smtp_tls.key" "~/.my_smtp_tls.cert")))
LMI> but call it `network-tls-credentials', and have `open-network-stream'
LMI> deal with this stuff itself -- if it's doing a STARTTLS or a TLS
LMI> connection, it can consult the `network-tls-credential' variable, see if
LMI> it finds a match, and then feed the required data to
LMI> starttls.el/tls.el/gnutls.c. (*Phew*.)
This is all nasty, nasty for the user. The whole
`smtpmail-starttls-credentials' structure can be replaced with
`auth-source-search' calls for all possible use cases. The user can
say, for instance:
machine mysmtpserver.com login tzz password mypassword keyfile "~/.keyfile"
LMI> But I'm wondering -- does anybody use this credential stuff for talking
LMI> to their SMTP servers?
LMI> I'd rather just delete `smtpmail-starttls-credentials' and pretend that
LMI> I've never heard about it.
Credentials are useful. Move them to auth-source.
Ted
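
The lookup proposed in the message above, sketched as an added example (not code from the thread, Emacs or auth-source): a Python parser for authinfo-style lines that keeps extra keys such as `keyfile`, so one record supplies both the password and the TLS client key for a host. The `certfile` key, the second host, the function names and the one-entry-per-line layout are assumptions.

```python
import os
import shlex

# Constructed sample: hosts, logins and paths are made up.
SAMPLE_AUTHINFO = '''\
# one entry per line (assumption)
machine mysmtpserver.com login tzz password mypassword keyfile "~/.keyfile" certfile "~/.certfile"
machine other.example port 587 login bob password "two words"
'''


def parse_authinfo(text):
    """Return one dict per entry line; every key/value pair is kept."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        tokens = shlex.split(line)  # honours "quoted values"
        if len(tokens) % 2:
            raise ValueError(f"line {lineno}: key without a value")
        entries.append(dict(zip(tokens[0::2], tokens[1::2])))
    return entries


def search(entries, host, port=None):
    """First entry for host; an entry without a port matches any port."""
    wanted = None if port is None else str(port)
    for entry in entries:
        if entry.get("machine") != host:
            continue
        if wanted is None or entry.get("port") in (None, wanted):
            return entry
    return None


def tls_credentials(entry):
    """(keyfile, certfile) with ~ expanded, or None if no client key is set."""
    if entry is None or "keyfile" not in entry:
        return None
    cert = entry.get("certfile")
    return (os.path.expanduser(entry["keyfile"]),
            os.path.expanduser(cert) if cert else None)
```
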